Machabäerstraße 63, 50668 Köln | +49 221 - 160 600

Privacy Policy

Introduction

 

Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information about how we handle your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations.

Controller within the meaning of data protection law

Hotel Casa Colonia e.K.

Machabäerstr. 63

50668 Köln

mail@cas-colonia.de

Telefax: 0221 160601

 

Definitions

 

Our privacy policy should be simple and understandable for everyone. For this reason, our privacy policy generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.

 

Webhosting

 

This website is hosted by an external service provider (hoster). This website is hosted in XX. Personal data collected on this website is stored on the hoster’s servers. This may include, but is not limited to, IP addresses, contact requests, meta and communication data, web page accesses and other data generated by a website. We have concluded a Data Processing Agreement with the provider in accordance with the requirements of Art. 28 GDPR, in which we commit him to protect the data of our customers and not to pass them on to third parties.

 

Server-Logfiles

 

Once you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during an active connection for communication between your internet browser and our web server

  • Date and time of the request
  • Name of the requested file
  • Page from which the file was requested
  • Access status
  • Web browser used and operating system used
  • (Full) IP address of the requesting computer
  • Transmitted amount of data

We collect the listed data in order to guarantee a frictionless connection establishment and to enable a comfortable use of our website by the users. The log file also serves for evaluating system security and stability as well as administrative purposes. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 lit. f GDPR. For reasons of technical security, in particular to prevent attempts to attack our web server, we may temporarily store this data. It is not possible for us to draw conclusions about individual persons on the basis of this data. After XX days at the latest, the data is made anonymous by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data is not evaluated in anonymous form except for statistical purposes. This data is not combined with data from other data sources.

 

Cookies

 

Our website uses so-called “cookies”. Cookies are small text files that are either temporarily stored on your end device for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or an automatic solution is provided by your web browser. Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping basket function or language settings). Other cookies are used to evaluate user behavior or display advertising. Technically necessary cookies are stored on the basis of Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the storage of cookies for the technically error-free and optimised presentation of our services. Other cookies are only stored with your consent on the basis of Art. 6 para. 1 lit. a GDPR. This consent can be withdrawn at any time for the future. The legal basis may also result from Art. 6 para. 1 lit. b GDPR if the processing is necessary for the performance of a contract to which the data subject is a party or for the implementation of pre-contractual measures taken at the request of the data subject. Insofar as cookies are used for analysis purposes, we will inform you of this separately within the framework of this privacy policy and obtain your consent.

 

You can set your browser to

  • be informed about the setting of cookies,
  • only allow cookies in individual cases,
  • exclude the acceptance of cookies for certain cases or generally,
  • activate the automatic deletion of cookies when the browser is closed.

The cookie settings can be managed under the following links for each browser:

You can also manage cookies of many companies and functions used for advertising individually. To do this, use the appropriate user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices. Most browsers also offer a so-called “do-not-track function”. When this feature is enabled, the browser tells ad networks, websites, and applications that you do not want to be “tracked” for behavioral advertising and the like. For information and instructions on how to edit this feature, please refer to the links below, depending on your browser provider:

Additionally, you can prevent the loading of so-called scripts by default. “NoScript” allows the execution of JavaScripts, Java and other plug-ins only at trusted domains of your choice. Information and instructions on how to edit this function can be obtained from the provider of your browser (e.g. for Mozilla Firefox at: https://addons.mozilla.org/en-US/firefox/addon/noscript/ ). Please note that if you disable cookies, the functionality of our website may be limited.

 

Change cookie settings

 

You can revoke or change your cookie settings at any time. To do so, access the cookie settings again via our integrated thumbprint. You can find this at the bottom left of our website.”

 

Contact form and contact by e-mail

 

If you send us requests via our contact form or email, your details from the contact form or email, including the contact data you have provided there, will be stored for the purpose of processing your request and in the event of follow-up questions. You are required to provide an email address to contact us. Your name and telephone number are optional. Under no circumstances will we pass on this data without your consent. The legal basis for processing the data is our legitimate interest in responding to your request pursuant to Art. 6 para. 1 lit. f GDPR and, if applicable, Art. 6 para. 1 lit. b GDPR, provided that your request is aimed at concluding a contract. Your data will be deleted after final processing of your request, provided that there are no legal storage obligations to the contrary. You can object to the processing of your personal data at any time in the case of Art. 6 para. 1 lit. f GDPR.

 

Booking

 

You can bindingly book our hotel rooms via our website. For this purpose, we use the hotel management software “Ibelsa” provided by ibelsa GmbH (Sybelstraße 41, 10629 Berlin, Germany) to enable interested parties/guests to make an automated hotel booking. In addition to the preferred date, we collect the following personal data:

  • First and last name
  • E-Mail address
  • Telephone number
  • Postal address

The data will not be passed on to third parties in this context. The legal basis for the processing is your consent according to Art. 6 para. 1 lit. a GDPR or, if your request is directed towards the conclusion of a contract, Art. 6 para. 1 lit. b GDPR. We have concluded a data processing agreement with “ibelsa” so that the data provided by you is processed for us in accordance with our instructions and orders. The personal data collected for booking purposes will be deleted if the conclusion of a contract is not achieved or if you revoke your consent. Further information about the processing of data by “ibelsa” can be found here: https://www.ibelsa.com/datenschutz/

 

Integration of the TrustYou seal

 

In order to display our TrustYou quality seal and, where applicable, collected ratings, as well as to offer TrustYou products to buyers after they conducted a booking, the TrustYou quality seal is integrated on this website. This serves the purpose of protecting our overriding legitimate interests in the optimal marketing of our offer in accordance with Art. 6 para. 1 p. 1 lit. f GDPR. The quality seal and the thereby promoted services are an offer of TrustYou GmbH, Steinerstraße 15, 81369 Munich, Germany. Upon accessing the seal, the web server automatically saves a so-called server log file, which contains, for example, your IP address, date and time of access, amount of data transferred and the requesting provider (access data) and also logs the access. This access data is not evaluated and is automatically overwritten within seven days of the end of your visit to the site. Further personal data such as cookies are only transferred to TrustYou in the case that you have granted your consent in accordance with Art. 6 Para. 1 lit. a GDPR, if you decide to use Trusted Shops products after completing a booking, or if you have already registered for the use of Trusted Shops products. In this case, the contractual agreement made between you and TrustYou applies. For more information, please visit https://www.trustyou.com/de/downloads/TrustYou_GmbH_Privacy_Policy_ENG_12-2020_clean.pdft

 

Holiday Check Rating

 

This page embeds a widget from HolidayCheck to display ratings. The provider is HolidayCheck AG, Bahnweg 8, CH-8598 Bottighofen, Switzerland. To use the functions of the HolidayCheck widget, it is necessary to store your IP address. This information is usually transmitted to a HolidayCheck server in Switzerland and stored there. The provider of this site has no influence on this data transmission. When you click on the “Rate now” button, a popup will open. When you enter a rating you will have to enter your first name, email address and place of residence. Afterwards, you will receive an e-mail confirming the hotel rating. When you submit your rating, this data is usually transferred to a HolidayCheck server in Switzerland and stored there. Based on an adequacy decision pursuant to Art. 45 para. 1 GDPR, Switzerland is considered a safe third country that guarantees an adequate level of data protection.

 

The use of the HolidayCheck widget is in the interest of presenting the reviews of our hotel submitted on HolidayCheck, and to offer the possibility of writing a review on HolidayCheck. This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The collection of your data in the context of the hotel rating, on the other hand, takes place voluntarily, on the basis of your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time for the future. You can find more information on how HolidayCheck handles user data in HolidayCheck’s privacy policy: https://www.holidaycheck.de/datenschutz.

 

Google Maps

 

Our homepage uses the online map service provider Google Maps via an interface. Provider of the map service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This allows us to display interactive maps directly on the website and makes it easy for you to use the map function. To use the functionalities of Google Maps it is necessary to save your IP address. The legal basis for the processing of your personal data is your given consent according to Art. 6 para. 1 s. 1 lit. a GDPR.

By using the service, personal data is transferred to the U.S. The legal basis for the transfer of your personal data to the U.S. is your consent in accordance with Art. 49 para. 1 s. 1 lit. a GDPR. Please note that such transfers of personal data without an adequacy decision and appropriate safeguards pose a risk to you. The risk is that due to legislation in the U.S., the personal data may be accessed by American authorities (in particular the intelligence services). Legal protection options or information on the handling of your data by the U.S. authorities are only possible to a very limited extent or not at all. A level of data protection in accordance with the regulations of the GDPR can therefore not be ensured. Further information on the handling of user data can be found in Google’s privacy policy:

https://www.google.de/intl/de/policies/privacy/
Opt-out: https://www.google.com/settings/ads/

 

Vimeo

 

On our website we embed videos from “Vimeo”. “Vimeo” is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA. If you have given us your consent, the processing is carried out for the optimal marketing of our offer in accordance with Art. 6 para. 1 s. 1 lit. a GDPR. The integrated videos from “Vimeo” automatically include the tracking tool Google Analytics. We have no influence on the tracking settings and the analysis results collected via this tool and cannot view them. In addition, web beacons are set for website visitors by embedding “Vimeo” videos. In order to prevent Google Analytics tracking cookies from being set, you can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S. For the purpose and scope of data collection and the further processing and use of data by the providers, as well as your rights and setting options for protecting your privacy, please refer to the “Vimeo” privacy policy: https://vimeo.com/privacy

 

Google reCAPTCHA

 

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The purpose of reCAPTCHA is to check whether the data input on our website (e.g. in a contact form) is made by a human being or by an automated program. For this purpose, reCAPTCHA analyses the behaviour of the website visitor on the basis of various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis reCAPTCHA evaluates different information, e.g.

  • IP address
  • Duration of the website visitor’s stay on the website
  • Mouse movements made by the user
  • The data collected during the analysis is forwarded to Google.

The reCAPTCHA analyses run completely in the background. Website visitors are not notified that an analysis is taking place. The data processing is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in protecting our website from improper automated spying and from unwanted automated transmissions (spam). Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 para. 2 (c) GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. The data will be deleted no later than 13 months after it was collected. We do not store any personal data from the use of reCAPTCHA. In general, personal data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Further information about Google reCAPTCHA and Google’s privacy policy can be found at the following links:https://www.google.com/intl/de/policies/privacy/ and https://www.google.com/recaptcha/intro/v3beta.html

 

Google Analytics

 

Our website uses Google Analytics, an internet analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses so-called “cookies” and web beacons. Google will use this information on behalf of the operator of this website to evaluate your use of the website and to create reports on website activity. Google will also use this information to provide the website operator with further services related to the use of the website and the internet. The IP address sent by your browser in the context of Google Analytics is not combined with other data from Google. Processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the legal basis of your given consent. We use Google Analytics only with activated IP anonymisation. This means that your IP address will only be further processed by Google in abbreviated form. We have concluded a Data Processing Agreement with the service provider in which we oblige him to protect the data of our customers and not to pass them on to third parties.

 

Since a transfer of personal data to the U.S. takes place, further appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S. The terms of use of Google Analytics and information on data protection can be accessed via the following links:

http://www.google.com/analytics/terms/de.html

https://www.google.de/intl/de/policies/

 

The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. User and event-level data associated with cookies, user IDs (e.g., User ID), and advertising IDs (e.g., DoubleClick cookies, Android Advertising ID, IDFA[Apple-Kennung für Werbetreibende]) will be deleted no later than 14 months after collection.

 

You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. Please note, however, that if you do so you may not be able to use all the functions of this website without restriction. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and processing this data by Google by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout.

 

Google Fonts (font display)

 

This website uses Google Fonts, so-called web fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland (“Google”), for the uniform display of fonts.

 

We use Google Fonts to enable an improved display of our website. Google Fonts are optimised for display on the web to enable the presentation of our website on different end devices and to ensure a fast loading time.

 

Insofar as the use is permissible on the basis of our legitimate interest in the improved presentation of our website, the use is made on the basis of Art. 6 para. 1 lit. f DSGVO

 

The Google Fonts are installed locally. There is no connection to Google servers. No additional data is stored for the use of Google Fonts.

 

When using Google Fonts, personal data relating to you will be transmitted to Google and possibly also to Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, i.e. to a third country. We have agreed to the Google APIs Terms of Service (https://developers.google.com/terms), which refer to the “Google Controller-Controller Data Protection Terms” (https://privacy.google.com/businesses/gdprcontrollerterms/). The data transfer takes place on the basis of the standard data protection clauses included here, which allow a transfer to so-called third countries outside the EU in individual cases. We regularly review the necessity and possibility of using additional measures.

 

You can find further information on data protection in Google’s privacy policy:

 

http://www.google.de/intl/de/policies/privacy

 

Further information on Google Fonts can be found at

 

https://fonts.google.com/

 

https://developers.google.com/fonts/faq?hl=de-DE&csw=1

 

External links

 

On our website (HolidayCheck) is solely embedded as a link to the respective service. After clicking on the embedded text/image-link you will be directed to the website of the respective provider. User information will be only transferred after the redirection to the respective provider or submitting a rating. Information regarding the use of your personal data through the use of the website can be found in the privacy policies of the visited websites.

 

Data Transfer and Recipients

 

Your personal data is not transferred to third parties, unless – we have explicitly pointed this out in the description of the respective data processing. – you have given your explicit consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, – the transfer pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and our legitimate interests are not overridden by your fundamental rights and freedoms. – there is a legal obligation to transfer data pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and – required by Art. 6 para. 1 sentence 1 lit. b GDPR for the execution of contractual relationships with you.

In addition, we use external service providers for the processing of our services, whom we have carefully selected and commissioned in writing. They are bound by our instructions and are regularly monitored by us. Required data processing agreements pursuant to Art. 28 GDPR are concluded before the commission. In particular, these contracts concern web hosting services, the dispatch of emails and IT updates and maintenance. Your personal data will not be transferred to third parties by our service providers.

 

Data Security

 

We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk in accordance with Article 32 of the GDPR, taking into account the state of the art, the cost of implementation and the nature, scope, circumstances and purposes of the processing, as well as the varying probability and severity of the risk to the rights and freedoms of natural persons. This website uses SSL encryption for security reasons and to protect the transmission of confidential content.

 

Storage Period

 

The period for which the personal data will be stored is determined by the relevant statutory storage periods (e.g. from commercial law and tax law). The corresponding data is deleted routinely upon expiry of the respective period. If data is required for the fulfilment of a contract or contract initiation, or if we have a legitimate interest in further storage, the data will be deleted if they are no longer required for these purposes or if you make use of your right of withdrawal or objection.

 

Your Rights

 

In the following, you will find information about your data subject rights, which the current data protection law grants you against the controller concerning the processing of personal data: The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data concerned, the categories of recipients to whom your data has been or will be disclosed, the envisaged period for which the data will be stored, the existence of the right to request from the controller rectification or erasure or personal data or restriction of processing of personal data concerning you or to object such processing, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved, as well as the significance and the envisaged consequences.

Im Folgenden finden Sie Informationen dazu, welche Betroffenenrechte das geltende Datenschutzrecht Ihnen gegenüber dem Verantwortlichen hinsichtlich der Verarbeitung Ihrer personenbezogenen Daten gewährt: Das Recht, gemäß Art. 15 DSGVO Auskunft über Ihre von uns verarbeiteten personenbezogenen Daten zu verlangen. Insbesondere können Sie Auskunft über die Verarbeitungszwecke, die Kategorie der personenbezogenen Daten, die Kategorien von Empfängern, gegenüber denen Ihre Daten offengelegt wurden oder werden, die geplante Speicherdauer, das Bestehen eines Rechts auf Berichtigung, Löschung, Einschränkung der Verarbeitung oder Widerspruch, das Bestehen eines Beschwerderechts, die Herkunft ihrer Daten, sofern diese nicht bei uns erhoben wurden, sowie über das Bestehen einer automatisierten Entscheidungsfindung einschließlich Profiling und ggf. aussagekräftigen Informationen zu deren Einzelheiten verlangen.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR, in particular in the Member State of your habitual residence, place of work. The right to withdraw your given consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your given consent concerning the processing of your personal data with effect for the future at any time. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal

 

Right to object

 

If your personal data is processed by us based on legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object at any time to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement of stating a particular situation. If you wish to exercise your right of withdrawal, objection or any of your other rights, simply send an e-mail to
mail@cas-colonia.de.

 

Necessity of providing data

 

The provision of personal data for the decision on the conclusion of a contract, the fulfillment of the contract or for the implementation of pre-contractual measures is voluntary. However, we can only make the decision in the context of contractual measures if you provide such personal data that is required for the conclusion of the contract, the fulfillment of the contract or pre-contractual measures.

 

Automated decision making

Automated decision making or profiling according to Art. 22 GDPR does not take place.

 

Subject to change

 

We reserve the right to adapt or update this privacy policy, if necessary, in compliance with the applicable data protection regulations. In this way, we can adapt it to the current legal requirements and take account of changes to our services, e.g. the introduction of new services. The most current version applies to your visit.

Status of this privacy policy: 12.07.2021